Process Innovation with in Banking

A case study of how Blockchain can change the KYC process in banks.

Jenitha Thavanathan

Industrial Economics and Technology Management Submission date: September 2017 Supervisor: Per Jonny Nesse, IØT Co-supervisor: Sverke Lorgen, DNB

Norwegian University of Science and Technology Department of Industrial Economics and Technology Management

Process innovation with Blockchain in KYC processes in banks: A case study

Jenitha Thavanathan

Master thesis in Industrial Economics and Technology Management

Supervisor: Per Jonny Nesse, IOT Case supervisors: Sverke Lorgen & Karl Christian Thomle, DNB

Trondheim, September 2017 ii iii Preface

This master thesis is part of the author’s Masters degree programme in In- dustrial Economics and Technology Management at the Norwegian Uni- versity of Science and Technology.

The author would like to thank the academic supervisor Professor Per Johnny Nesse and case supervisors Sverke Lorgen and Karl Christian Thomle for help and guidance throughout the duration of the project. The help and contributions are utmost appreciated.

Jenitha Thavanathan iv v Abstract

Innovation is the key to prosperity in competitive markets, as almost every significant business venture can trace its roots to an original spark of innov- ation, and on occasion, ground breaking innovation would foster a new way of thinking. Enter Blockchain, an emerging factor contributing to the in- dustry’s forced transition into a digital-first age. This thesis aims to uncover how process innovation with Blockchain technology can reinvent KYC pro- cesses in the banking industry today. This is as any other topic regarding Blockchain technology, only being approached by industry professionals. Due to its fairly young age, extensive research on Blockchain technology in KYC is sparse. In this thesis the IPO framework is adapted to business process change, in order to identify phases in the banks’ KYC process that can be redesigned with the help of Blockchain technology. This thesis will hopefully provide more insight on steps necessary to take in order to suc- cessfully implement Blockchain technology in KYC processes in banks. vi Contents

List of Figures ix

1 Introduction1 1.1 Personal Data Protection...... 3 1.1.1 GDPR...... 3 1.1.2 PSD2...... 6 1.2 Problem definition...... 6 1.3 Structure of the Thesis...... 7

2 Conceptual Background9 2.1 Process innovation...... 9 2.1.1 IPO Framework of Business Process Change... 10 2.2 Blockchain...... 14 2.2.1 Security...... 17 2.2.2 Public vs. Private ...... 18 2.3 KYC - Know Your Customer...... 19

3 Blockchain 2.0 23 3.1 Financial Services...... 24 3.2 Smart Property...... 27 3.2.1 Intangible assets...... 28 3.2.2 Tangible assets...... 29

4 Methodology 31 4.1 Literature search process...... 31 4.1.1 Academic paper search in online database..... 31 4.1.2 Conceptual article and financial reports search.. 32

vii viii CONTENTS

4.1.3 Published books...... 32 4.2 Processing and selecting the literature...... 33 4.3 DNB...... 33 4.4 Methodological Limitations...... 34

5 Case Analysis 35 5.1 Project Heatwave...... 37 5.1.1 How the system works...... 37 5.2 Findings and Outcomes...... 39 5.2.1 Business...... 39 5.2.2 Process...... 39 5.2.3 Technology...... 40 5.3 Challenges...... 40

6 Evaluation 43 6.1 Choosing Blockchain as a thesis topic...... 43 6.2 Project Heatwave developments during thesis writing... 43

7 Conclusion and Future Research 45 7.1 Future Research...... 45

References 46 List of Figures

2.1 Input, process, and output (IPO) model.1 ...... 10 2.2 The IPO Framework of Business Process Change.2 .... 12 2.3 Potential use-cases for Blockchain technology.3 ...... 15 2.4 From transaction request to completion with Blockchain.4 16 2.5 Example of money transaction from person A to person B on a blockchain.5,6 ...... 17 2.6 Business flow of KYC processes.7 ...... 20 2.7 Oracle Know Your Customer Model.8 ...... 21

5.1 The systematic process of Project Heatwave.7 ...... 37 5.2 Graphics of the system.? ...... 38 5.3 Gartner’s Hype Cycle of 2017.9 ...... 41

ix x LIST OF FIGURES 1 Introduction

Innovation is the key to prosperity in competitive markets, and almost every significant business venture can trace its roots to an original spark of in- novation.10 On occasion, ground breaking innovation would foster a new way of thinking. Strategy, predicts how a competitor will react - espe- cially when competitive markets are in unending flux,10 and investment in financial technology (FinTech) at the moment is booming at unpreced- ented rates.11 Mostly because those that seem to always react quickly to previously unforeseen opportunities10 are determined to stay ahead of new waves of innovation. While the competition stands flatfooted these enter- prises will succeed because they innovate. Technological advances are now forcing enterprise leaders to respond to change,10 and one prominent ex- ample is the world of banking which is going through massive transforma- tions (which they will continue to go through).11

In 2009 was introduced. Bitcoin is a or "virtual- currency", an asset you can buy and use electronically. It is billed as a peer-to-peer electronic cash system and used for such transactions. This means through , electronic cash assets can be exchanged directly between two parties without being mediated by a financial institution,11 which severely challenges the banks’ strategic competencies. The techno- logy Bitcoin is based on is called ’Blockchain’. The potential of Blockchain application outside of Bitcoin market was eventually recognized, and has since been adopted for several purposes by developers and investors.

Blockchain technology is emerging as another factor contributing to the in- dustry’s forced transition into a digital-first age12, as this new decentralized

1 2 Introduction ledger technology (DLT) now controversially has introduced a new pos- sible reality. A wold without the middle-man. Hence the question as if the need for a bank itself is being questioned with Blockchain technology. Ac- cording to Reed11, there are two scenarios that can describe the structure for what can possibly happen; the banks end up being lost to these new and more efficient financial services that are in touch with the digital world we live in, and end up competing with the same financial services. Or, the banks focus on the costumer and accept changes to their business model.11 Once deemed cost-prohibitive, Blockchain has the potential to lower the entry barrier to certain industries or business functionalities. Subsequently, as you are reading this, a broad awareness of DLT is being incorporated into the banks’ long-range strategic planning.12

Beyond Bitcoin and other , Blockchain offers tremendous potential to banking and other industries. Many banks around the world are in the process of creating - or already have created - a team or committee to study Blockchain’s impact on their business models (naturally also looking at potential use cases).12 They work together with other banks (this also includes the largest banks in the world) to share knowledge and ideas for using Blockchain.12 In a way, this reminds us of the development of the Internet in the early 90s, before it became a mainstream commodity. Some of the potential benefits of this technology, include the following: • Improved data integrity (reduced potential for human error/fraud). • Increased transaction speed (close to real time). • Reduced settlement risk (speed and simplification of processes). • Opportunity for cost reductions. • Improved data security and system resilience (there is no central point of failure). • Reduced use of capital for reserves (capital not tied ups for as long, if not at all). • Opportunity to digitize sales transactions and contracts, and to mon- 1.1. Personal Data Protection 3

itor the delivery of related goods or assets.12

Only by counting the number of conferences, events, and articles online, 2017 has quickly accelerated into a ’Blockchain-year’. Successful trial projects and pilots are being launched, and the notion of Blockchain be- ing something new and difficult to conquer, seems to be dismissed as it is somewhat operational in certain areas, at least with successful pilot pro- jects.

1.1 Personal Data Protection

1.1.1 GDPR

By May 2018 the EU General Data Protection Regulation (GDPR) replaces the current Data Protection Directive 95/46/EC. The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established. GDPR is the most important change in data pri- vacy regulation in 20 years and is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy. The GDPR applies to both organizations located both within and outside of the EU if they offer goods or services to, or monitor the behaviour of, EU individuals. It applies to all companies processing and holding the per- sonal data of individuals residing in the European Union, regardless of the company’s location.13 The main changes to the regulatory policies are as follows:

• Increased Territorial Scope (extra-territorial applicability): As mentioned above the GPDR will apply to the processing of personal data by controllers and processors in the EU, regardless of the loca- 4 Introduction

tion of the processing. It will also apply to the processing of personal data of individuals in the EU by a controller or processor outside the EU. The same way it will apply to non-Eu businesses that processes the data of EU citizens (with a representative in the EU).

• Penalties: Breach of GDPR can result in fines up to 4% of the organ- ization’s annual global turnover (or a maximum of 20 million euros, whichever is greater). Also, a company can be fined 2% for not having their records in order, not notifying the supervising authority and individuals (citizens) about a breach, or not conducting impact assessment. These rules apply to both controllers and processors, meaning ’clouds’ will not be exempt from GDPR enforcement.

• Consent: An individual must consent to data being used and has the right to rescind that consent at any time. Using clear and plain lan- guage, consent must be distinguishable and provided in an intelligible and easily accessible form.

• Breach Notification: Breach notification is mandatory in all member states where a data breach is likely to "result in a risk for the rights and freedoms of individuals".

• Right to Access: The individuals has the rights to know who has ac- cess to their personal data, what data has been made available, how that data is being used or processed, and to what purpose. The indi- viduals also must be able to obtain (on demand and for free) a copy of the digital information that is undergoing processing.

• Right to be Forgotten: An individual is entitled to demand that the data controller erases any or all personal data held about an indi- vidual by that controller, cease further dissemination of the data, and potentially have third parties halt processing of the data.

• Data Portability: The right for an individual to receive the personal 1.1. Personal Data Protection 5

data concerning them (which they have previously provided in a di- gital format), and has the right to transmit that data as they see fit.

• Privacy by Design: Privacy by design entails the inclusion of data protection from the onset of the designing of systems, rather than as an addition. Controllers are to hold and process only the data abso- lutely necessary for the completion of its duties (data minimisation), as well as limiting the access to personal data to those needing to act out the processing.

• Data Protection Officers: There will be internal record keeping re- quirements, and DPO appointment will be mandatory only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale, or of special categories of data or data re- lating to criminal convictions and offences.14

With the onus of personal data stewardship being given to the individuals themselves, they would not need to rely on a controller, issuer or processor to adhere to regulation to obtain, copy, move, transmit or secure their data as it is being done today. The individuals would own it and they would control the access. Blockchain helps achieve exactly that with DLT, meant to provide information that no distinct entity controls or manages. Because Blockchain utilizes a decentralized network of peers, where the history and current validity can be audited publicly (se chapter 2), it becomes a neutral, trusted and secure mechanism for self-managed user identity. The indi- viduals will have complete access, the data will be trusted by third parties as valid (so that it can be used as easily as any physical identifier), and they can grant and rescind scoped access.15 6 Introduction

1.1.2 PSD2

The Second Payment Services Directive (PSD2) is a fundamental piece of payments-related legislation in Europe (entered into force in January of 2016). All Member States must implement these new rules as national law by January 13th, 2018. PSD2 "aims to increase competition in an already competitive payments industry, by bringing into scope new types of pay- ment services, enhance customer protection and security, and extend the reach of the Directive."? It is an important step towards making Europe fit for the digital age. It will allow retailers to "ask" consumers for permission to use their bank details. Once permission is given, the retailer will re- ceive the payment directly from the customer’s bank, with no middle-man actions (this direct connection between retailers and banks will be enabled using APIs).

1.2 Problem definition This thesis aims to uncover how process innovation with Blockchain tech- nology can reinvent KYC processes in the banking industry today. The goal is to explore aspects of process innovation and apply them to areas of today’s KYC processes, but with Blockhcain as the technical tool and the enabler of process innovation. This master thesis is written in collaboration with the Norwegian bank DNB, which has prominently influenced the re- search. Their insight and information has been critical to this study, as most of the developed stages of Blockchain projects being conducted around the world at the moment, are withheld from public eyes. Mainly because of first-mover/quick-follower strategies and tactics, but also because of early stages of testing. 1.3. Structure of the Thesis 7

Based on the problem description and the above mentioned scope, the main research question formulated will be addressed through-out this thesis. The main research question is defined as follows:

How can Blockchain be used in KYC processes in banks?

In order to answer this question, the following research sub-questions need to be answered as well:

RQ1: Can customer data be collected and registered in a distributed database? RQ2: Can consensus be used to validate information? RQ3: Who are the trusted intermediaries?

1.3 Structure of the Thesis First, a conceptual background will be presented that includes theory on process innovation, Blockchain, KYC, and domains of use for Blockchain. Then, based on this, the conceptual framework driving the research ques- tions will be presented. Further, the methodology of this study will be explained, providing an explanation of the identification, collection, and analysis of the literature, collection of case data, as well as the limitations of the chosen methodology. After which, an extensive in-depth descriptive analysis of the case will be presented along with the potential of Blockchain in KYC, followed by an evaluation of the thesis process. Subsequently, lim- itations to the study and further research areas will be identified. 8 Introduction 2 Conceptual Background

This chapter will present relevant theory and concepts applicable for this case study. Definitions of Process innovation, Blockchain, and KYC will be introduced and further elaborated on.

2.1 Process innovation The number of definitions for ’Process Innovation’ in the literature is sparse, therefore by combining the definitions of ’Innovation’ and ’Process’ we can construct an applicable definition. According to Oxford dictionary,16 a process can be defines as "systematic series of mechanized or chemical op- erations that are performed in order to produce something."16 O’Sullivan & Dooley17 define innovation as: "...the process of making changes, large and small, radical and incremental, to products, processes, and services, that results in the introduction of something new for the organization that adds value to customers and contributes to the knowledge store of the organ- ization." 17 Process innovation can thereby be defined as: making changes in a systematic series of mechanized operations that produces a new and improved process for the organization, that adds value to their customers. It is an investment into the company’s skills, resources and competences, allowing the company to introduce cost saving changes in production pro- cesses, but also to introduce new technology which allows the production of a range of products quite different from the existing ones.18 To further elaborate on process innovation we can take a look at the IPO framework of business process change.

9 10 Conceptual Background

2.1.1 IPO Framework of Business Process Change

A process cannot exist without inputs to process and outputs that come out of it, otherwise negating the sole purpose of a process. Where there are inputs, processes and outputs, there is a system. A system can be defined as "a coherent whole with a boundary, which separates it from everything else."1 This means that the objects within a system are interrelated in an or- ganized way. An example of such, is a natural system1 such as the sun and the planets along their orbits within the solar system, all the cells that make up the human body, or even a human activity system[] of different elements that make up an organization. Regardless of what type of system we want, there are these three distinct types of objects (inputs, processes and outputs) we need to consider. Figure 2.1 shows how processes first receive inputs, and then combine and transform them into outputs, we call this the input- process-output (IPO) model.1 If the system requires something from the environment it is called an input (f.eg. materials, people, money, inform- ation, etc.), and if the system provides something to the environment, it is an output(finished goods, services, information, money, etc.).1 The bound- ary of the system defines the inputs and outputs of the system as a whole. Thus, when referring to process innovation, naturally it applies to the entire system.

Figure 2.1: Input, process, and output (IPO) model.1

The IPO model in Figure 2.1 can be tailored for business process change by identifying business related inputs, process, and outputs. Figure 2.2 presents the IPO framework proposed to guide process change design and management. According to Grover & Otim2, the anticipated outcomes 2.1. Process innovation 11 of business process change (Figure 2.2) should be driven by business strategy. Oliver19 defines an organization’s business strategy as "under- standing an industry structure and dynamics, determining the organization’s relative position in that industry and taking the action to either change the industry’s structure or the organization’s position to improve organizational results"19. To elaborate further he states that industry structure and dynam- ics "determine the broad parameters of growth and earnings potential and delimit what is realistically possible to achieve."19 What sets the firm’s spe- cific achievement profile and the scope of its strategic options, is the firm’s relative position in a given industry structure. Therefore how a specific or- ganization responses to its strategic (structural and positional) circumstance and aspirations, is defined by industry or organizational change.19 Strategy-driven outcomes help identifying specific activities and processes through which the organization can achieve its business objectives, also ensuring that the resulting business processes enable the organization to remain well aligned to the requirements of the business, social, and polit- ical environments in which it operates.2 However, delivering the known requirements while still be able to deliver the future requirements as condi- tions change, will be a challenge. 12 Conceptual Background

Figure 2.2: The IPO Framework of Business Process Change.2

There are two factors to inputs to change; preparations for change and en- vironmental considerations that affect the preparations for change. When preparing for change, assessing the organization’s ability to efficiently and effectively deliver the new business process requirements is vital before embarking on business process change analysis. In addition to be able to deliver the requirements in such a way, it is also at the same time, important to maintain the agreed upon levels of performance within the current envir- onment.2 Thus, changes in the environment will naturally affect the prepar- ations for change and so the organization must pay attention to factors such as:

Change dynamics: In order to assess the level of resistance to change engendered by the business process change initiative, analyzing change dynamics is quite necessary. Interaction among several antecedents might cause such resistance. 2.1. Process innovation 13

Securing stakeholder commitment: Getting the stakeholders in- volved in the change process can secure stakeholder commitment. In order to build a solid foundation for the change program, commit- ment from stakeholders is essential.

Change strategy: When the change dynamics have been assessed, a specific change strategy should be formulated. Such strategy can "either be evolutionary (the choice of either technical or social sys- tem first, or gradual, staged socio-technical change), or revolutionary (simultaneous change of both technical and social systems)."2,20

Structure of change process: In order for initiated change pro- jects to succeed, proper leadership is required,21 along with specific roles assigned to provide some degree of control and structure for the change process.22

Process innovation can also be regarded as an introduction of a market in- telligence system that enables the company to become better at developing product innovations.18 When business processes are properly designed they can help achieve efficiency and effectiveness for the organization. Sub- sequently, when they are designed to be innovative in a visible and dra- matic way, it provides order-of-magnitude improvements in the way busi- ness objectives are accomplished, which might explain the continued strong interest in business processes among organizations.2,22 Information techno- logy (IT) is a potent change enabler of process innovation. According to Davenport22 process innovation is an intermediate step between IT invest- ments and economic returns. As a business, it is essential to recognize the need for improving business processes by responding better and quicker in order to remain competitive. The pace of change in the new digital eco- nomy puts such demands on today’s businesses, and challenges them to reinvent themselves again and again.2 According to Davenport22 process innovation consists of five steps: 14 Conceptual Background

• identifying processes for innovation, • identifying change enablers, • developing a business vision and process objectives, • understanding and measuring existing processes, and • designing and building a prototype of the new process and organiza- tion

We see that these five steps are quite similar to the IPO framework of busi- ness process change shown in Figure 2.2. In chapter 5 a roughly combined, version for this case study will be used in the analysis.

2.2 Blockchain Currency transactions between persons or companies are often centralized and controlled by a third party organization. Therefore, making a digital payment or currency transfer used to require a bank or credit card provider as a middleman to complete the transaction. With cryptocurrencies, this all changes. With a decentralized environment created for cryptocurrency by Bitcoin, participants can now buy and exchange goods with digital money without any third party involvement.23 Bitcoin currency was the first and only application of the technology behind it. Creating the possibilities for decentralized organization on a scale that we have never seen before, Block- chain technology has come to stay and cannot be uninvented.24,23 It will help solve the issues with transaction systems that are typically centralized, where all data and information are controlled and managed by a third party organization, rather than the two principal parties involved in the transac- tion.23 According to Oxford dictionary, a blockchain is "a digital ledger in which transactions made in Bitcoin (or another cryptocurrency) are re- corded chronologically and publicly."16 It is a decentralized ledger of all transactions across a peer-to-peer (P2P) network, where participants can confirm transactions without the need for a central certifying authority. Po- 2.2. Blockchain 15 tential applications include fund transfers, settling trades, voting, and many other uses as depicted in Figure 2.3. These will be further elaborated on in Chapter 3.

Figure 2.3: Potential use-cases for Blockchain technology.3

With Blockchain technology, virtually anything of value can be tracked or traded in real time (Figure 2.4 shows how this works). When someone requests a transaction (1), the requested transaction is recorded in a dis- tributed ledger -including information of every transaction ever completed which is shared and is available to all nodes, making the system more trans- parent (than centralized transactions involving a third party). After the transaction is recorded in the ledger, it then gets broadcast to a P2P net- work (2) consisting of computers (nodes). This network of nodes provides access to synchronized copies of information that are continually being rep- licated, which makes the network highly secure and resistant to outages and attacks even though all entries can be viewed by anyone participat- ing in the Blockchain. The network of nodes also validates the transaction 16 Conceptual Background and the user’s status (2) using known algorithms. Examples of such val- idated/verified transactions (3) are cryptocurrency, contracts, records, or other information. Once the transaction is verified, it gets combined with other transactions to create a new block of data (4) for the ledger, that main- tains a continuously-growing list of blocks (forming a chain). Each block contains a time-stamp and a link to the previous block (the data in the block is encrypted and cannot be altered).25 A new block is permanently added to the existing blockchain (5) and the transaction is now complete (6).4,12,23

Figure 2.4: From transaction request to completion with Blockchain.4 Figure 2.5 shows an example of a money transaction between Person A and Person B. Here, A wants to send money to B and requests a transaction (1). The requested transaction is recorded in a distributed ledger (2). After the transaction is recorded in the ledger, it gets broadcast to every party in the (P2P) network (3) that then together approve that the transaction is valid (4). The transaction now is combined with other transactions to create a new block of data and can be added permanently to the chain (5). The money is now moved from A to B (6). 2.2. Blockchain 17

Figure 2.5: Example of money transaction from person A to person B on a block- chain.5,6

2.2.1 Security

One of the advantages Blockchain has over a conventional centralized data- base is security. Blockchain relies on encryption to validate transactions by verifying the identities of parties involved in a transaction.26 Every person or business involved in the network has a copy of the encrypted chain.25 A hash (complex mathematical calculation) is performed each time a transac- tion is added to the blockchain, which depends on the transaction data, the identities of the parties involved in the transaction, and the result of pre- vious transactions.26 Because an encrypted chain is constantly being rep- licated across many different points, if one of the points on the network happens to be attacked, other points on the network step in and provide identical information.12 In addition, the current state of the blockchain de- pends on previous transactions, which ensures that a malicious actor can- not alter past transactions. This is because if previous transaction data is 18 Conceptual Background changed, it will impact the current value of the hash and not match other copies of the ledger.26 In other words, false transactions cannot be added to the blockchain without the consent of the parties involved.26 Further, if someone attempts to hack a blockchain to gain access to information on specific transactions, they would have to hack the entire chain -every point individually and simultaneously, which is virtually impossible. Sub- sequently due to no central point of failure, blockchains are presently pre- sumed unhackable. Naturally, staggering applications are now being de- veloped with Blockchain in the security industry. Some examples are:

• Personally Identifiable Information (PII) protection • Company and personal digital identity and authentication • Anti-counterfeit protection for electronics, luxury items and pharma- ceuticals • Single-sign-on and global "automated sign-offs" • Malicious actor identification • Verification software as a service • Biometrically-controlled, multi-signature wallet applications25

2.2.2 Public vs. Private Blockchains

Public blockchains or ’permission-less ledgers’27 are open to the public and anyone can participate as a node in the decision-making process. Bitcoin is an example of this. The public ledger is not owned by anyone27 and can be read from or written to by anyone who wishes to transact, which makes it an ideal place for public transactions between individuals who do not know each other.26 Because it is not necessary for any approvals in public blockchains, they can be complicated to use and keep updated at the same time.11

Private blockchains function within a closed network. Everyone who in- teracts with the ledger is known11 and the participants of the network are 2.3. KYC - Know Your Customer 19 usually obligated by legal contracts in their capacity to use the ledger.11 This is because these blockchains might exist internally within a conglom- erate of businesses or inside of one large company,11 open only to that specific consortium or group of individuals that has decided to share the ledger among themselves.27 Except the fact that the identity of anyone who attempts to access a private blockchain must be validated against a list of pre-validated market IDs, private blockchains behave in the same way as a public blockchain.26 It is expected that private blockchains will dominate most commercial applications. The vast majority of commercial block- chain applications (particularly in capital markets) are likely to use private blockchains.26

2.3 KYC - Know Your Customer In order to prevent identity fraud, money laundering, terrorist financing among other criminal acts, banks are required to put in place a policy framework - a thorough customer due-diligence (CDD) process, to know everything about potential new customers before opening any accounts or letting through any transactions. Such CDD processes must all be in ac- cordance with "Know Your Customer" (KYC) regulations and policies.28

"KYC entails the need for customer identification and the creation of audit- able evidence of due diligence activities." 29 "It highlights methods and pro- cesses for prudent customer identification, record keeping, identification of suspicious activities, as well as the need to report such activities to the ap- propriate authority for further investigation." 28

KYC applies to all institutions licensed to perform business transactions under the banking act.28 Banks must validate that their customers are not, or have not been involved in illegal activities such as mentioned above. 20 Conceptual Background

In order to meet KYC conformity requirements they must:

• verify a prospective client’s identity, • maintain confirmation of the steps taken to identify their identity, and • determine whether a prospective customer is listed on any certified lists in connection with supposed terrorist activities, money launder- ing, fraud or other crimes.

In essence, the bank needs to know the source of funds in a customer’s ac- count(s),30 and in order to detect any activity that is contradictory with the customer’s business (or income), the bank has to confirm the identity (and business) of the particular customer and then generate a profile on them.31 Internal audit and compliance functions have important responsibilities in evaluating and ensuring observance to KYC policies.32 Policies that usually incorporate customer acceptance policies, customer identification proced- ures, monitoring of transactions, and risk management,29 shaping KYC as a continuous process that is not only limited to new customers, but also appropriate for monitoring current costumers as well.

Figure 2.6: Business flow of KYC processes.7 2.3. KYC - Know Your Customer 21

Figure 2.7: Oracle Know Your Customer Model.8

Figure 2.6 and Figure 2.7 together, explain the KYC processes within a bank when registering a new customer (on-boarding). The first step is to gather information about the customer. This is done by sending the cus- tomer a form to fill out. After-which, the identity of the customer must be confirmed by the bank through investigations. When the identity is valid- ated, the customer’s name and address is compared to sanctioned lists of suspicious or designated persons that are regularly produced by govern- ment agencies.31 Because KYC enable banks to know their costumers and their financial dealings better, it will in turn also help the banks manage the costumer’s risks prudently,? which is why a risk score is applied to the customer. This is followed by the customer on-boarding if the customer 22 Conceptual Background is a new customer. Then, periodic reviews are conducted with continuous update of information, as well as monitoring of transactions to identify sus- picious behavior.7 3 Blockchain 2.0

The concept of Blockchain 2.0 is used to describe domains of use for Block- chain technology beyond currency, finance, and markets.33,27 The Block- chain 2.0 space is still in development, and there are many different cat- egories, distinctions, and understandings of it, which is why standard clas- sifications and definitions are continuously emerging.33 Therefore, in this study, definitions and classifications available at the time of writing this thesis will be used. Blockchain 2.0 refers to the decentralization of mar- kets in a more general sense, contemplating transfers of many other kinds of assets beyond currency, using the Blockchain all the way from the cre- ation of a unit of value, through every time it is transferred or divided.33 An approximate technological metaphor would be if we look at Blockchain 1.0 as the Internet Technology and its underlying infrastructure (such as the TCP/IP transport layer of the Web), and then look at Blockchain 2.0 as the services that can be built to run on top of it such as Amazon, Netflix and AirBnb (HTTP, SMTP, FTP, etc.) does on the Internet. Swan33 states that it is important to note that these terms "are very much still in development and any metaphor might quickly become outdated...it might be like calling Chrome a ’Napster 2.0’, or Facebook or AdBlock a ’Web Browser 3.0’."

Table 1 lists some of the different classes and examples of property and contracts that might be transferred with Blockchain. In theory, all financial transactions could be reinvented on the Blockchain.33

23 24 Blockchain 2.0

Classes Examples Escrow transactions, bonded contracts, third-party General arbitration, multiparty signature transactions. Stock, private equity, crowd-funding instruments, Financial transactions bonds, mutual funds, annuities, pensions. Land and property titles, vehicle registrations, Public records business licenses, marriage certificates, and death certificates. IOUs, loans, contracts, bets, signatures, wills, Private records trusts, and escrows can be stored. Digital identity can be confirmed with the block- chain through securely encoded driverâA˘ Zs´ li- Identification censes, identity cards, passports, and voter regis- trations. Proof of insurance, proof of ownership, and notar- Attestation ized documents. Physical asset keys Home, hotel rooms, rental cars, automobile access. Patents, trademarks, copyrights, reservations, and Intangible assets domain names) can also be protected and trans- ferred via the blockchain.

Table 1: Blockchain applications beyond currency.33

This chapter explains the domains of use for Blockchain technology so far thought of, or approached to attempt at within financial services and con- tracts. Because it can be applied to almost any system operating on cent- ralized information that can thrive on a decentralized ledger network, you will find, as you read through this chapter, that most parts of a functioning society can be subject to Blockchain technology.

3.1 Financial Services Interfacing cryptocurrencies with traditional banking and financial markets is the most prominent area for Blockchain business,33 as the financial in- 3.1. Financial Services 25 dustry has played the largest role so far in investing in Blockchain tech- nology.11 Many of the Blockchain start-up companies are in fact founded by bankers. NASDAQ, Visa, and JPMorgan are only a few of the big names providing assets to further developing of blockchain technology.11 Venture capital-backed Ripple Labs is reinventing the banking ecosystem and allowing traditional financial institutions to conduct their own business more efficiently by using blockchain technology.33 With sufficient amount of funds invested, companies can be able to explore how to commercial- ize Blockchain technology in order for it to handle the trade of stocks, bonds, loans, derivatives, and other assets.11 Table 2 shows a several star- tups’ and/or larger companies’ blockchain projects or partnerships. 26 Blockchain 2.0

Company Projects/Partnerships Lets banks transfer funds and foreign exchange trans- Ripple Labs actions directly between themselves without a third- party intermediary.35 Aims to make it possible for end users to buy and sell Coinffeine Bitcoin directly without an exchange.36 Investedin by Spanish bank Bankinter.33 A decentralized blockchain-based peer-to-peer lend- BTCjam ing. - Launched the first US-regulated Bitcoin swaps ex- change. - Make it possible for investors to buy Bitcoin con- Tera Exchange tracts directly through its online trading platforms. - Includes Tera Bitcoin Price Index, an institutional Bitcoin price index.40 A Bitcoin exchange that has partnered with a bank to provide regulated financial services involving Bit- coin.39 Announced in 2014 a partnerships with three major PayPal Bitcoin payment processors: BitPay, , and GoCoin.37 Braintree (PayPal Is working on a feature with which customers can pay acquisition) for Airbnb rentals and Uber car rides with Bitcoin.38 Is building an API for financial institutions to offer Vaurum traditional brokerage investors and bank customers access to Bitcoin. Aims to provide a decentralized stock market for Medici equity securities in the blockchain model.42 121 physical-world artworks crafted on 30U30˚ cm Swancoin varnished plywood, are available for purchase and transfer via the Bitcoin blockchain.51

Table 2: Blockchain projects and/or partnerships.33

Blockchain may be the key to preventing major financial crises. The real- time updating and transparent access to the distributed ledger make it con- 3.2. Smart Property 27 siderably easier to get accurate understandings of market value. This pre- vents the dangerous and inaccurate speculations and provides for more hon- esty and truth in the reporting how the market is faring. With a trustworthy and neutral source providing data accessible to all on the heath of the mar- ket, the risk of uninformed or unscrupulous deals being made that exploit the ignorance of the other part is significantly lowered. Furthermore, with different forms of handling data in the first place, Blockchain technology has the potential to level some of the inequalities that league societies across the globe; this is because people will have access to new forms of market participation and new types of information that can be capitalized upon and sold for profit.11

3.2 Smart Property Blockchain technology can be used for any form of asset registry, inventory, and exchange. This includes all areas of finance, economics, and money. These are both hard/tangible assets (physical property), and intangible as- sets (votes, ideas, reputation, intention, health data, and information). This will open up multiple classes of application functionality across all seg- ments of businesses involved in money, markets, and financial transac- tions. Thus, with blockchain tehcnology, property becomes ’smart prop- erty’ transactable via smart contracts (subject to existing law).33 Because any asset can be registered as a digital asset on the blockchain, its owner- ship can be controlled by whomever has the private key. The asset can then be sold by the owner by transferring the private key to the buyer. Smart property transacted with blockchains is completely new. In fact, crpto- graphically defined property rights that are self-enforced by code, is indeed an alien concept.33 Below are the common most thought of tangible and intangible assets. 28 Blockchain 2.0

3.2.1 Intangible assets

Intangible assets entails votes, ideas, reputation, intention, information, stock shares, reservations, or copyrights (books, music, illustrations, digital fine art etc.)33

Personal data and identity: With GDPR mentioned in chapter 1.1, Blockchain has the potential to prevent companies from "getting a hold of" people’s personal data, and instead put people in control of their own personal data. This creates a sense of security and pro- tection of identity for people, especially with the implementation of identity protecting Blockchain technology.11 Identity authentication and secure access will be much more granular, flexible, and oriented to real-time demand, than what is currently possible.33

Health care: Transaction of medical records is a perfect example of data being transmitted that must be protected.11 Health care in- dustries are showing interest in the potential of Blockchain, due to inefficient and outdated practices to keep patient identities and in- formation safe.11

Media Business: Blockchain can make music available online, se- cure, yet convenient to access on the web. It has the potential to change the way the music business deals with royalty costs.11 An ex- ample of this is Imogen Heap, who made music history by releasing her single on the Blockchain music sharing platform Ujo.11

Democracy: Blockchain can bring financial infrastructure to people who have no access to it (without banks), and has the potential to eliminate the issue of voter fraud. In a Blockchain system, votes can- not be faked. It prevents the anonymity of voters, which protect that data from misuse on the part of the government, while ensuring the legitimacy of the voter’s identity through the verification system.11 3.2. Smart Property 29

Insurance: With the 24-availability of Blockchcain technology, you could get insurance on the weekends, even after company hours. The need to resort to insurance companies altogether may be obsolete for some industries. Rideshare drivers can pool their money and utilize smart contract technology to insure one another. This eliminates the need for insurance companies altogether, since the identities of the borrowers are already certified and there is no need for an insurance company.11

Manufacturing: 3D Printing can be risky in terms of transferring data. This applies to other goods as well. Particularly for smaller companies, the task of protecting the IP of their products is highly challenging when they also are trying to operate on a platform to sell their products. Using Blockchain, people who hold the rights on their creations have a platform to store meta-data on actual substances, thereby ensuring the safety of their products.11

Education: One proposition is that education can be made into a trackable resource, recorded in your ledger account and qualified in units called "Edu-blocks". One such ledger of education can be used to track people down with the right qualifications. Education is an institution plagued by arbitrary hierarchies, and Blockchain techno- logy could in theory be used to conceive completely new models for restructuring society.11

3.2.2 Tangible assets

Tangible assets entail physical-world hard assets like a home, car, bicycle, or computer.

Real Estate: Blockchain can revolutionize the function of the real estate market by making contracts, deeds and titles more secure and traceable than ever before. With an updated record distributed across 30 Blockchain 2.0

multiple platforms, the risk of this loss is avoided and can be bet- ter maintained. Not only that, but the transactions can occur more quickly, which will have an impact on the practice of trading prop- erty as an asset.11

Distributing food and drink: Using E.Coli contaminating veget- ables as an example, Blockchain could be utilized to minimize such a danger by creating a more effective tracking system for these products. One unnamed start-up is already working on this.11

Tracking down black market goods: Blockchain technology can be utilized to form a registry that would allow users to trace the own- ership of an item to determine whether they are of illegal or false provenance. That way we will know if a diamond is a blood dia- monds or a weapon is made with 3D printers.One unnamed start-up is already working on this.11 4 Methodology

The following chapter addresses the methodology of this case study. First, an explanation of the literature search process will be presented, including arguments for the chosen search methods. Further, the method used for processing and analyzing the literature will be explained in detail, includ- ing the selection process of articles and the literature review process. After which, the method of obtaining case sensitive information will be presen- ted. Lastly, the methodological limitations will be discussed.

4.1 Literature search process The literature search process was conducted using, an online database, pub- lished books, and conceptual articles online.

4.1.1 Academic paper search in online database

The aim of using this search method was to find reliable literature on Block- chain technology, KYC processes in banks, and process innovation, in order to try and determine a relation between them. Academic papers provide an in-dept fact-based analysis of the concerning topic which is always reliable and trustworthy. For this, Oria was used. Oria is a common portal to all the material found at most Norwegian academic and research libraries.34 This means that Oria would function as a collective database of all the other databases, as articles from other databases would appear in the search res- ults. Oria has the functionality of selecting search by "title", "abstract" or both. These sorting options were chosen as they most often include the main focus and scope of the articles. Accordingly, the literature review

31 32 Methodology would reveal articles that have a relevant and applicable research focus for this study.

4.1.2 Conceptual article and financial reports search

Due to the young age of Blockchain technology, the research available was mostly books published by Blockchain enthusiasts (with scientific or business backgrounds). These were all mostly similar in concept as they appealed to the a Blockchain newcomer and opted for a "what is block- chain" theme. In order to attain the latest most updated information about the technology, conceptual articles written by technology firms/start-ups, banks, consultancy firms, technology magazines and websites became ne- cessary to consider. Here, only prominent and well known names that are considered trustworthy were considered. It became more and more evident that this is where the "inside information" were to be found due to current first-mover/quick follower strategies in the market.

Firm Report/Article Deloitte : Blockchain applications in ranking Goldman & Sachs : Global investment research. PWC : Blockchain info-graphic Nordea : Blockchain DNB : Project related information Oracle : KYC Financial Times : Blockchain EU GDPR Portal : GDPR FAQs and Key changes Table 3: Example of corporate reports and conceptual articles.

4.1.3 Published books

Relevant published books found on Oria were used to define terminology and conceptual background. Most of the books used were written by ex- perts in the field of cryptocurrency and DLT. 4.2. Processing and selecting the literature 33

Author Book Thomas H. Davenport : Process innovation Chris Skinner : Digital Bank Andreas M. Antonopoulos : The Internet of Money David Hamme : Customer Focused Process Innovation Jeff Reed : Financial Technology O’Sullivan & Dooley : Applying innovation Curry, Flett, & Hollingsworth : Managing Information and Systems Table 4: Example of books used.

4.2 Processing and selecting the literature Some criteria were set in order to decide which articles to discard and which articles to keep for the literature review. The aim of this process was to end up with a sample of relevant articles to be reviewed in more detail. The aca- demic papers based on empirical studies (predominantly on process innov- ation, digital banking, and Blockchain) were used to create the backdrop for the theory mentioned in this study, as well as factual confirmations and affirmations to this study, while the conceptual articles were used as insight on Blockchain technology, as they were the most updated and/or relevant and informative regarding the topic.

4.3 DNB All necessary information regarding Blockchain in KYC were attained from DNB in confidence. This was accomplished through face to face meetings, phone conversations, as well as e-mail correspondence. Due to changes in contact person as well as contact with multiple people through multiple channels, interviewing one person (or more) was unlikely (also affected by tight schedules and summer vacations). In addition due to the developing 34 Methodology nature of Blockchain, some of the attained information became irrelevant for this study in the end.

4.4 Methodological Limitations This literature review has certain limitations to its methodology. As the literature search was highly dependent on keywords when performing the literature search, the struggle to define keywords accurately identifying Blockchain related literature became apparent. As this the technology is quite young, and few successful projects have been launched, the major- ity of the literature found on Blockchain were conceptual articles. Only a few empirical studies were found, but turned out to be irrelevant for this study. Blockchain is in its peek year when it comes to early development and testing stages of pilot projects. This is why the information available when researching for this thesis in December 2016 rapidly changed each month (even every week) that went on, heavily affecting writing this case analysis. Even information attained in June-August 2017 were included in the thesis because the development of KYC projects had changed. Thus, time-sensitivity was a major factor when researching for this thesis. Sub- sequently the frequency and method of research had to adapt to the rapid development of Blockchain technology around the world. 5 Case Analysis

Studies have shown that at global level the potential savings for centralized solutions are in the magnitude of $400-800 million per year for KYC re- lated processing.7 Deloitte35 lists several positive outcomes with the use of Blockchain technology in KYC processes. The use of a distributed ledger system in KYC processes • can automatize processes and thus reduce compliance errors. • would remove the duplication of effort in carrying out KYC checks. • enable encrypted updates to client details to be distributed to all banks (authorized access to their data) in near real-time. • would provide a historical record of all documents shared and com- pliance activities undertaken for each client, which could be used to provide evidence that a bank has acted in accordance with the re- quirements. • can be of use in identifying entities attempting to create fraudulent histories. • can help spot irregularities or foul play - directly targeting criminal activity by analyzing the data within it. • can be used to cement real-world identities to cryptographic identities in the database. • gives the ability to scan customer documents and identity information and then generate private and public keys to seal them before the data is encrypted and sent to the blockchain.35

Goldman & Sachs estimate that proper KYC due diligence can cost $15000- $50000 per client. In addition to such financial burden, KYC requests can also delay transactions, taking 30 to 50 days to complete.26 While annual compliance costs are high, there are also large penalties for failing to fol-

35 36 Case Analysis low KYC guidelines properly. With KYC processes on a blockchain, cost like these can be severely reduced. In fact, the Heatwave project estim- ated a Nordic savings potential of 20-40 million euros per year for DLT solutions and market harmonization. This was based on the participating 5 banks, 2000 large corporate customers and all-in costs such as operations, technology, administration etc.7 Other benefits expected from this project were efficiency gains on customer side, followed by customer experience improvements. Transparency with the customer in control, and driving reg- ulatory harmonization.7 SWIFT also recently established its KYC Registry with 1125 member banks sharing KYC documentation (amounts to only 16% of the 7000 banks in their network).35 5.1. Project Heatwave 37

5.1 Project Heatwave Project Heatwave’s vision was to offer an improved customer experience and efficient KYC processes in the financial sector starting in the corporate space, by reducing (removing) existing KYC processing duplicated among all customers and all banks, which causes inefficiencies and bad will among customers.7 The hypothesis of the project was stated as follows: Will dis- tributed ledger technology as a solution for sharing and processing KYC- relevant information

1. allow clients to gain control over their own data? 2. gather only one copy of the data? 3. increase transparency into to the process while saving time?7

5.1.1 How the system works

Figure 5.1: The systematic process of Project Heatwave.7

Figure 5.2 shows the Heatwave system which has two interfaces, one for the bank (upper left) and one for the customer (upper right). The bank can see received notifications (1), and they can also see how many customers have shared their data with them(2). The customer has access to their own basic information(3), and KYC files can be uploaded in the customer interface. The number of banks that has been authorized to use the customer’s data is also listed here (5), along with banks that have signed the customer’s KYC 38 Case Analysis and verified them as a client. After verification the banks will have access to the customer’s basic information, and KYC documents. If any changes happens from the customer’s side, the bank will receive a notification (2).

Figure 5.2: Graphics of the system.?

Figure 5.2 shows a blockchain monitor (6) for the purpose of demonstration in order to see what actually happens behind the scenes in the blockchain. In this example Northern Lights Ltd. (NLL) is the customer, and DNB is the bank. NLL would like to become a client of DNB and open an account. For this to happen, DNB has to perform the KYC process on NLL. DNB can access the system an see if they have access to NLL’s information. If not, NLL has to grant access. The blockchain monitor then will show that a new block has been mined (6) which is the new relationship between NLL and DNB. If DNB refreshes their system, they can now see a new customer (2) that would like to share their data. Here, they can see the details of the customer, download document that the customer has updated to prove their identity, and they an improve the KYC data. NLL will then receive a notification (4) that the bank has approved its data and ready for them to 5.2. Findings and Outcomes 39 become a client at the bank. They can also edit the data, and all banks with access to that customer’s data will be updated.

5.2 Findings and Outcomes Using the IPO framework of business process change, the outcomes of Pro- ject Heatwave can be categorized in three categories: business outcomes, process outcomes (what they learned of the process), and technological out- comes.

5.2.1 Business

From the business aspect, Project Heatwave showed that if they focus on the customer experience, benefits such as cost reduction and efficiency would follow. In addition, if a base infrastructure is successfully established, there are multiple future value points to pay attention to, these would be: in- creased trust between banks, customer identity service, and a digital tie into other information providers (e.g. government ID scheme to eliminate paper copies). Furthermore, the need for developing a common standard for customer data collection became evident. This would provide a com- mon infrastructure in order to drive efficiency and standardization. On the other hand, they found it difficult to isolate the benefits of a DLT solution vs. today’s traditional KYC solution, which means necessary measuring factors must be put in place. Also, only with a larger number of bank candidates, a quantitative business case will be possible (only 5 banks par- ticipating in Project Heatwave).36

5.2.2 Process

From the process aspect they realized that building a new business model with a industry-new technology will be a complicated and difficult task, 40 Case Analysis which further proved that there is much more to learn and many unanswered questions to explore. There were common consensus on the use of experi- mental approaches in dealing with uncertainty, thereby allowing for pivots. Practical factors such as meeting early and often, and face to face, would help increase human interaction and further develop close teamwork (sub- sequently, team workshops in Stockholm, Copenhagen, London, and Hel- sinki were held). Transition from experiment mode to product development seems difficult to achieve without a separate team to take it forward. In ad- dition, balanced engagement between the core team and outside experts are strongly required (e.g. legal, business, customers, audits, etc.).36

5.2.3 Technology

For such projects, smart contracts and/or distributed ledger can be used for: messaging, automated execution of logic, transparency of code to drive standardization, and audit trail of user access. Cryptography will provide trust and security between clients and sharing of data with banks. Also, the build and maintenance of participant registry (key registry) is critical and they learned that ongoing management of keys will be hard to do, but possible. In addition, minimizing the volume of data (especially binary data) stored on the blockchain is necessary.36

5.3 Challenges The biggest challenge in this case was, and still is convincing board mem- bers and stakeholders that ’banking on’ Blockchain technology is the ad- vantageous thing to do. Gartner’s Hype Cycle has been used both as a fear factor, but also as a motivational tool. This is a graph of a common pattern that arises with each new technology or innovation. Hype Cycles are cre- ated every year in various domains as a way for clients to track technology maturity and future potential. Figure 5.3 shows the Hype Cycle for 2017, 5.3. Challenges 41

Figure 5.3: Gartner’s Hype Cycle of 2017.9 we see that the five phases in the Hype Cycle are: Technology trigger, Peak of inflated expectations, Trough of disillusionment, Slope of enlightenment, and Plateau of productivity.37

The figure shows that in 5-10 years Blockchain technology will reach the plateau of productivity phase. At the moment we see that Blockchain is placed barely within the peak of inflated expectations phase, and seems to slowly move down the slope towards the trough of disillusionment phase. The reason for this is that development and testing of use cases for Block- chain technology mainly is conducted behind closed doors. In other words, there is a suspense over who will peek as a first-mover, and who will quickly follow as a fast follower. Regardless, we will most likely see larger projects rolled out already by next year.7 42 Case Analysis 6 Evaluation

6.1 Choosing Blockchain as a thesis topic Given the rapid pace of development with Blockchain, there was a need to constantly monitor and assess new articles, published projects as well as start-ups formed (in 2017 alone) in order to stay ahead of the curve. It was a challenge to maintain an innovative thesis perspective, as what I considered innovative quickly turned out to already have been tested out by industry giants behind closed doors. Evidently I settled with the fact that this thesis might end up being a report on real-life progress, rather than a paper on innovative possibilities. Subsequently the structure of the thesis fluently changed and adapted to the information available from DNB, the tech-industry and the financial industry.

6.2 Project Heatwave developments during thesis writing Project Heatwave was initially intended to be used as the main case for the case analysis. This project was a Nordic collaboration between SEB, Nordea, DNB, OP and Danske Bank.7 The project was cancelled as the Swedish government wanted to start to incorporate Blockchain technology, and the Swedish banks therefore opted out of the project due to priorities. Even though the project moved beyond test status, I decided to keep it as an industry specific example rather than the main scope for the case analysis because new data/customer testing data would not be available. In addi- tion, results from initial testings were also unavailable as time-constraints

43 44 Evaluation prevented gaining access to the relevant data within the thesis deadline. 7 Conclusion and Future Research

This thesis investigated the possibilities of using Blockchain technology as an enabler for process change in KYC processes in banks. The KYC process in DNB was evaluated on a non-technical basis. The information gathered from DNB showed positive attitudes towards such a concept, and it became clear that there is a strong desire and great need of decentral- ization of KYC processes. The presence of a technical evaluation would obviously have yielded useful and insightful results, unfortunately, due to time-constraints and corporate delays, this was unfortunately not achiev- able. Going back to the original research question of this thesis, the results of the non-technical evaluation highly indicate that Blockchain can be a powerful tool for process innovation in KYC processes in banks. As long as the banks invests in enough resources (people, time, and technology), it is most definitely successfully achievable.

7.1 Future Research Exploring further possibilities within KYC with Blockchain is necessary, especially because Blockchain technology is constantly evolving and de- veloped in different industries and governments around the world. The possibilities for further research within Blockchain as a topic are therefore endless. KYC processes in the future will most definitely run on block- chains, but beyond that is difficult to predict, mainly of the unpredictable nature of Blockchain technology. In the early 90s there were no certainty of what the Internet as we know it today eventually would become. Decentral- ized ledgers opens up endless possibilities for everything from small busi- nesses to government structures. This thesis is written right in the middle

45 46 Conclusion and Future Research of the excitement for the potential of this technology, thus speculations and predictions can only be left to endless imagination. References

[1] Curry, A., Flett, P. & Hollingsworth, I. Managing Information and Systems: The Business Perspective (Routledge, 2006). ISBN: 978âA¸S04-1535-586⢠A¸S5.˘

[2] Grover, V. & Otim, S. A framework for business process change re- quirements analysis. Design Requirements Engineering: A Ten-Year Perspective 14, 327–351 (2009).

[3] McMeekin, P. Blockchain for retailers: Producing real business bene- fits (2017). URL https://goo.gl/BFbsBK.

[4] Morrison, A. & Sinha, S. A primer on blockchain (infographic) (2016). URL https://goo.gl/N1UwEK.

[5] Times, F. How will blockchain technology transform financial ser- vices? (2015). URL https://goo.gl/sWgHcL.

[6] Wild, J., Arnold, M. & Stafford, P. Technology: Banks seek the key to blockchain (2015). URL https://goo.gl/etJaUV.

[7] DNB. R3 Members Conference: Findings Outcomes.

[8] Danko, J. Know your customer: Moving beyond regulatory compli- ance, oracle (2016). URL https://goo.gl/Nui3kp.

[9] Gartner. Top trends in the gartner hype cycle for emerging technolo- gies in 2017 (2017). URL https://goo.gl/S2uFdS.

[10] Hamme, D. Customer Focused Process Innovation: Linking Stra- tegic Intent to Everyday Execution (McGraw Hill Professional, 2014). ISBN: 978-00-718-3471-1.

[11] Reed, J. Financial Technology. 3 in 1 Bundle Book: FinTech, Block- chain, Smart Contracts (Jeff Reed, 2016). ISBN: 978-15-403-2704-8.

[12] Scheibach, M. Blockchain and banks. BankNews (2016).

47 48 REFERENCES

[13] by Trunomi, E. G. P. P. Gdpr faqs (2017). URL https://goo.gl/izsaZA.

[14] by Trunomi, E. G. P. P. Gdpr key changes (2017). URL https://goo. gl/RfYPqS.

[15] Hay, M. How gdpr plus blockchain leads to the future of self- sovereign identity (2016). URL https://goo.gl/HZZF8N.

[16] Dictionary, O. (2017). URL https://www.oxforddictionaries.com/.

[17] O’Sullivan, D. & Dooley, L. Applying innovation (SAGE Publica- tions, 2009). ISBN: 978-14-1295-455-6.

[18] Günter, K. & Traill, G. B. Products & Process Innovation in the Food Industry (Springer US, 2012). ISBN: 978-14-613-1133-1.

[19] Oliver, R. W. What is strategy, anyway? Business Strategy 22, 7–10 (2001).

[20] Stoddard, D. B. & Jarvenpaa, S. L. Business process redesign: Tactics for managing radical change. Management Information Systems 12, 81–107 (1995).

[21] Knights, D. & Willmott, H. The Reengineering Revolution (Harper- Collins, 1995). ISBN: 978-08-8730-736-2.

[22] Davenport, T. H. Process Innovation: Reengineering Work Through Information Technology (Harvard Business Review Press, 1992). ISBN: 978-08-758-4366-7.

[23] Yli-Huumo, J., Ko, D., Choi, S., Park, S. & Smolander, K. Where is current research on blockchain technology a systematic review. PLoS ONE 11, e0163477 (2016).

[24] Antonopoulos, A. M. The Internet of Money. Volume 1 (Merkle Bloom LLC, 2016). ISBN: 978-15-370-0054-9.

[25] McCullough, R. Be ready for blockchain. Security Dealer & Integ- rator (2017).

[26] Goldman Sachs. Profiles in innovation: Blockchain, Global invest- ment research. URL: https://goo.gl/7sR5uu (2016). REFERENCES 49

[27] Bashir, I. Mastering Blockchain (Packt Publishing Ltd., 2017). ISBN: 978-1-78712-544-5.

[28] Wawira, N. L. Effectiveness of know your customer (kyc) policies adopted by commercial banks in kenya in reducing money laundering and fraud incidences. University of Nairobi (2009).

[29] Arasa, R. & Ottichilo, L. Determinants of know your customer (kyc) compliance among commercial banks in kenya. Journal of Economics and Behavioral Studies 7, 162–175 (2015).

[30] Muller, W. H., Kalin, C. H. & Goldsworth, J. G. Anti-Money Laun- dering - International Law and Practice. 1st Ed. (John Wiley & Sons, 2007). ISBN: 978-04-700-3319-7.

[31] Wolfsberg Group. Internal control reports and financial reporting problems. Accounting Horizons 10, 67–75 (2002).

[32] Pieth, M. Transnational commercial bribery: Challenge to arbitra- tion. ICC Publication 651: Arbitration - Money Laundering, Corrup- tion and Fraud (ICC Publishing S.A., 2003). ISBN: 928-42-1320-7.

[33] Swan, M. Blockchain: Blueprint for a new Economy (O’Reilly Media, Inc., 2015). ISBN: 978-1-4919-2049-7.

[34] NTNU. Hva er oria (2015). URL https://goo.gl/jStXqN.

[35] McNamara, S. Blockchain applications in banking (2016). URL https: //goo.gl/W7yruh.

[36] DNB. R3 Members Conference: Heatwave Project Showcase (2016).

[37] Gartner. It glossary: Hype cycle (2017). URL https://goo.gl/ oQFeGW.